[Mailman-Users] what is a virtual domain?

Stephen J. Turnbull stephen at xemacs.org
Mon Nov 19 16:53:52 CET 2012

Lindsay Haisley writes:

 > It's not unusual at all.  From the point of view of DNS, there's no
 > difference between a virtual domain and a real one.

Actually, that's not true.  In the context of Mailman, the most
important one is that an MX record must point to a real domain (ie,
one with an A record) and you probably even want that A record to be
invertible (ie, the PTR for that IP address points back to the same
domain).  A virtual domain also is not 100% reliable for SSL/TLS
services because basic TLS does its certificate exchange at a level
"below" the DNS, so deciding which virtual domain's certificate to
present is problematic (there is an extension to the protocol which
fixes this, but it's not 100% implemented, in particular IE on XP
still can't do it according to Wikipedia, which will kill you in Japan
where about 1/3 of business systems are still XP-based).

This isn't particularly relevant to people who are just plain users of
the system, and I imagine to you it's all second-nature now, but the
OP sounds like he's a bit into do-it-yourself so he should be aware of
the limitations on doing tricky stuff based on a virtual domain.


More information about the Mailman-Users mailing list